Hello. I am looking for an alternative to Telegram and I prefer an application that uses decentralised servers. My question is: why is the xmpp+omemo protocol not recommended on websites when it is open source and decentralised? The privacyguides.org website does not list xmpp+omemo as a recommended messaging service. Nor does this website include it in its comparison of private messaging services.
https://www.privacyguides.org/en/assets/img/cover/real-time-communication.webp
Why do you think xmpp and its messaging clients such as Conversations, Movim, Gajim, etc. do not appear in these guides?
I’ve personally used 4 encrypted communication apps, here are my thoughts:
Signal: huge downside that it required a phone number (not sure if it still does), and the centralized nature of it makes me very wary of it. It worked reliably when I did use it, but I no longer use it.
Matrix with Element: As others mentioned, it leaks meta data. It wasn’t very reliable in my experience with encrypted group chats. Messages would constantly not be readable by other users in the chat, requiring frequent re-sending to finally get through. Overall I found it very frustrating to use.
XMPP: Experience can somewhat vary depending on the app used. With the Movim desktop front-end, I can sometimes have issues with encrypted messages not getting unencrypted (possibly just user error on my part), but with mobile apps like Conversations or Monocles, its been pretty much 100% reliable. Doesn’t drain my battery either. Would recommend.
Deltachat: I’ve used this the least, but I really like it. Super easy to connect to friends and join a group chat, its all encrypted by default so no real chance of encountering an unencrypted message, very nice UI, is available on all platforms as one app, and has been 100% reliable with low battery drain. Highly recommend if you don’t need to make voice calls (it can do texts, images, and supports voice/video files you can send and play within the app).
I’ve heard DeltaChat proved to be reliable for Iran protesters.
I know it’s not the most popular, but I’ve genuinely been happy with Matrix for the last few years. Obviously there are problems, but it really has gotten fairly stable. At least…for me…
+1 for matrix
The freenet/futo devs are working something called river (https://freenet.org/). I don’t think it’s mobile yet and cannot attest to it’s call quality. It’s fully decentralized though, so it should work even if they abandon the project. Here’s a video on the protocol https://youtu.be/3SxNBz1VTE0 Mostly goes over the introductory docs that’re on the site.
Let’s hope they don’t use the terrible FUTO license
Signal at #1 and #2 spots 😭 only 4 options 😭 100% of options funded by western governments 😭 yup it’s a .world user’s post
Could you elaborate on why Signal is a bad choice?
Are SimpleX and Briar also poor choices? Delta Chat?
And maybe why being funded by western governments is a bad thing as opposed to other governments?
Thanks 🙇♂️
It isn’t. But I see this same post over and over. Really feels like there is a campaign against signal. Also tor developed by US Naval Research, so I guess it’s bad too.
good to know leaking phone numbers and being the main Discord alternative used by congress and Jeff Bezos on a centralized server isn’t a problem on .world
TOR nodes are mostly run by the US government and independent cryptocurrency entrepreneurs (Jeffrey Epstein email chain inhabitants)
if you had half a brain you would use i2p
Cool strawmen; I didn’t say any of that. Signal protocol is awesome for privacy, not anonymity. Maybe I don’t have half a brain, but I happen to think the double ratchet implementation is an impressive piece of tech. Maybe I’m as dumb as your fever dream, but compromised exits doesn’t make tor any less of an achievement. Though i2p is also superb. I guess my brain is too weak to understand why those statements are mutually exclusive.
Signal protocol is awesome for privacy, not anonymity
The “privacy, not anonymity” dichotomy is some weird meme that I’ve seen spreading in privacy discourse in the last few years. Why would you not care about metadata privacy if you care about privacy?
Signal is not awesome for metadata privacy, and metadata is the most valuable data for governments and corporations alike. Why do you think Facebook enabled e2ee after they bought WhatsApp? They bought it for the metadata, not the message content.
Signal pretends to mitigate the problem it created by using phone numbers and centralizing everyone’s metadata on AWS, but if you think about it for just a moment (see linked comment) the cryptography they use for that doesn’t actually negate its users’ total reliance on the server being honest and following their stated policies.
Signal is a treasure-trove of metadata of activists and other privacy-seeking people, and the fact that they invented and advertise their “sealed-sender” nonsense to pretend to blind themselves to it is an indicator that this data is actually being exploited: Signal doth protest too much, so to speak.
deleted by creator
I Facebook said they enabled E2EE, theres zero evidence and zero way to verify that. Facebook has been caught in lie after lie. They most likely lied about that too.
Many people have reverse-engineered and analyzed whatsapp; it’s clear that they are actually doing e2ee. It is not certain that they don’t have ways to bypass it for targeted users, and there is currently a lawsuit alleging that they do, but afaik no evidence has been presented yet.
